Ravenous LogLogic ready to eat all your data

'Let us at it'

Congratulations go out to LogLogic for continuing to put as exciting a spin as possible on one of an administrator's most mundane tasks – log management.

The start-up has shipped a new version of its flagship software that should provide customers with more centralized control over their logs, while also giving them fresh ways to search that information. Best of all, the software runs about 35 per cent faster thanks to underlying hardware upgrades on the LogLogic server appliance.

LogLogic's biggest complaints with existing log management tools are that they're decentralized and often homegrown. Customers might have Tivoli, OpenView and the like pumping out tons of data with little ability to handle that information from one spot. In addition, many customers have hand-crafted their own log management code, which is fine up to a point – like when a nasty lawyer or government official shows up wanting very specific, very detailed information.

LogLogic doesn't shy from admitting that regulatory fear stands as the main driver for interest in its product.

"The biggest thing that has happened is that log management has reached escape velocity," said LogLogic CMO Andy Lark. "In the enterprise, that's because of compliance more than anything."

So, with Version 4 of LogLogic, customers will find a centralized, searchable repository of all relevant log data that can be accessed by administrators, HR types and lawyers with equal ease.

The LogLogic 4 search tool, for example, lets an HR staffer type in an ex-employee's e-mail address to see when that employee's e-mail account was shut down and when the employee was banned from various servers. The same search would flag up instances where that ex-employee sent out e-mails post-termination and identify who the e-mails went to.

There's a big brother aspect, sure, but regulatory requirements such as SOX and PCI demand this type of technology.

(Hopefully, Intel, with its missing anti-trust e-mails, has a LogLogic box on order.)

Also on the search front, LogLogic has added something it's billing as log Tivo. Auditors can basically go back in time to search things such as who altered a specific file or which coders fiddled with an application on a certain day.

LogLogic's indexing and search functions run faster thanks to new appliance hardware. Customers will find a 2U box has replaced an older 3U system. That hardware has support for the latest and greatest x86 chips, including Intel's four-core Xeon, and double the storage of its predecessor. The company reckons it can churn through 75,000 messages per second. All told, that's about a 35 per cent performance increase.

LogLogic hopes the new release of its flagship software will help drive more third-party interest in its product as well. It has included something called Open Log Services with the package, which is basically a web services API that lets others make their own LogLogic-ready tools.

The start-up has enjoyed 300 per cent year-over-year revenue growth in 2006 and claims more than 300 customers.

One of the largest customers – an entity we're forbidden from naming – uses 34 appliances to track 40,000 systems pumping out a mind-boggling 3 trillion "events" per year. A smaller client monitors 15,000 systems with 22 LogLogic boxes, so that it can keep track of some 320 billion events.

Such figures help provide a sense of scale – or the size of the log – here.

The company claims to have major performance, reporting and management edges over proprietary and open source rivals. But, then, what else would you expect?

"We can cluster our units and basically get to infinite scaling," said Lark. "But what really matters is reporting and indexing speed. We've focused all of our energy on being able to deliver reports in seconds rather than hours."

As of press time, the company had yet to release pricing changes related to the new software. ®